sharp s (Eszett)

Stephane Bortzmeyer bortzmeyer at
Sun Mar 9 14:49:00 CET 2008

On Sun, Mar 09, 2008 at 11:19:27AM +0900,
 Martin Duerst <duerst at> wrote 
 a message of 43 lines which said:

> >In particular, that leaves a hole if someone creates a funky
> >A-label that could not have been formed via the U-label process. I
> >think that hole that needs to be plugged,
> Why? Whom are we trying to protect, against what?

Indeed. There really seems to be a hidden agenda (coming from ICANN?)
behind the IDNAbis project.

All the studies on phishing have shown that almost no user takes into
account the domain name in its credibility assessment algorithm,
relying instead on the look of the page. So, trying to address the
phishing problem through homographs is a bad start.

As a TLD, we receive a lot of a phishing reports for domains ending in
".fr". It is extremely rare that the phisher makes an attempt, even a
small one, to have a realistic domain name. We see domain names which
are obviously completely unrelated to the target (and the phishing
still works) or domain names which are related to the target but that
no homograph policy could have prevented (such as
paypal-secure.example for paypal.example or ebay.myowndomain.example
for ebay.example).

IDN spoofing is a nice subject for hackers but it is not widely used
in the real world. Not enough to justify to change the IDN standard.

More information about the Idna-update mailing list